Cybersecurity Assessments

Learn about cybersecurity assessment resources available for drinking water and wastewater systems.

On this page: 

Resources to Conduct Cybersecurity Assessment

Cybersecurity Guidance for Drinking Water and Wastewater 

Cybersecurity Risk Self-Assessment Resources

Cybersecurity Risk Third-Party Assessment Resources

Cybersecurity Vulnerability Assessment Resources

Identifying OT at Water Systems

Addressing Cybersecurity in your America’s Water Infrastructure Act Risk and Resilience Assessment

Safe Drinking Water Act (SDWA) section 1433, which was amended by America’s Water Infrastructure Act (AWIA) section 2013 in 2018, requires community water systems (CWS) serving more than 3,300 people to prepare or revise risk and resilience assessments (RRAs) and certify to EPA that this work has been completed. SDWA section 1433(a) states that the RRA must include “electronic, computer, or other automated systems (including the security of such systems),” otherwise known as cybersecurity. Therefore, a cybersecurity assessment must be included in the required RRA. EPA provides the free resources to described above to support utilities in conducting a cybersecurity assessment, from a third-party option where a contractor conducts the assessment, using EPA’s Water Sector Evaluation Program to a do-it-yourself option, using the free Water Cybersecurity Assessment Tool.

Technical Assistance

Sign Up for Cybersecurity Technical Assistance: Primacy agencies, drinking water and wastewater systems, circuit riders, and technical assistance providers can submit a question and/or a request for consultation regarding cybersecurity.

EPA Technical Assistance and Evaluation Program

Water Resilience

Contact Us about Water Resilience
Contact Us about Water Resilience to ask a question, provide feedback, or report a problem.
Last updated on September 26, 2025